Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Which will be the best way to set permission to an external user to limit their work?


I need to give restricted access to a jira user that is an external consultant of our company (he will have a user in jira).
This user will only need access, permissions, and visibility of the tickets assigned to him.
The project is Jira Service Desk and I will create a rule to assign the issue straight to him:
When issue created; if request type = x and Application type(custom flied) = y; then assign to this user.

Which will be the best way to get this done? Which will be the best practices to build this?
Create a group, then a project role, permission scheme, issue security level?

thanks in advance

1 answer

1 accepted

1 vote
Answer accepted
Trudy Claspill Community Leader Dec 28, 2022

Are you working with a Team Managed project or a Company Managed project?

Permission Schemes and Issue Security Levels apply only to Company Managed projects.

There are several factors you need to consider:

1. When the user is granted product access to Jira Service Management you need to ensure that the User Group they get added to does not grant them access to any other Jira products or projects.

2. Permission Schemes determine the permissions for a user with the issues they are able to access. It can't be used to selectively make issues within a project inaccessible.

3. Are there other external people that might need to be given access in a similar manner in the same or another Service Management project?

I would recommend:

1. Create a User Group for such users that can be used in Product Access to grant them access only to Jira Service Management. This group may also need be added to Global Permissions in Jira depending on what you want to enable them to do.

2. Create a Role for the to be used in the Service Management project for this access if you want the Project Administrator to be able to manage which users get these permissions and issue level security access.

3. Add the user group to the Role, if you create a Role.

4. Create the Issue Level Security Scheme. You will need to have at least two Levels; one that includes the new group/role plus the other groups/roles that should be able to see these issues, and one that includes only the other groups/roles that should be able to see all issues. You are going to need to set a Default security level to ensure the group with limited access does not see all newly created issues.

5. If you want people to be able to set the issue security level you will have to add the field to the issue screens and grant those users permissions to do so in the Permission Scheme.

6. Set the Security Level for all existing issues. If you don't do this up front, then the limited access users will be able to see all the pre-existing issues.

7. Modify (or create a new) Permission Scheme to allocate the appropriate permissions to the group (or to the Role if you choose to make a Role) for seeing issues (that they are permitted to see per the Security Level), and creating/editing/commenting/etc. on the issues.

8. Add the limited access users as agents in your Service Management project.

I strongly recommend that you work this out with a test project or in a test instance rather than operating on your live service desk project. When you do update your live service desk project you should try to do that at a time where there your agents and customers will not be interacting with the issues, as these steps may make issues temporarily inaccessible.

Thanks Trudy!!This makes a lot of sense. I will give it a try right away.


Thanks a lot for you time and information!

Suggest an answer

Log in or Sign up to answer
Site Admin

Atlassian Community Events